Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/plutoploy/dns-handling/llms.txt

Use this file to discover all available pages before exploring further.

This endpoint returns metadata about the TLS certificate that was issued for a domain after a successful ACME DNS-01 flow. Call it after polling GET /domains/{id} and confirming the domain status is active — the certificate record is created by the background issuance process and will not exist until that process completes successfully.

Endpoint

GET /domains/{id}/certificate

Path Parameters

id
string
required
The unique identifier of the domain whose certificate you want to retrieve. The domain must have a status of active. Domains in any other status will return a 404.

Response — 200 OK

id
string
The unique identifier for this certificate record in the database.
domain_id
string
The identifier of the domain this certificate was issued for. Matches the {id} path parameter.
issued_at
string
RFC3339 timestamp recording when the certificate was issued by the ACME provider. Set by the background issuance process at the moment the certificate chain was retrieved and stored.
expires_at
string
RFC3339 timestamp recording when the certificate will expire. Computed by CompleteOrder() in acme.go as exactly issued_at + 90 * 24 hours (issuedAt.Add(90 * 24 * time.Hour)), regardless of the ACME provider’s own validity period.
created_at
string
RFC3339 timestamp recording when the certificate database record was created. This will be equal to or slightly after issued_at.

Example Request

curl https://api.example.com/domains/a3f1c2d4e5b6789012345678abcdef01/certificate

Example Response

{
  "id": "c1d2e3f4a5b6789012345678cdef0102",
  "domain_id": "a3f1c2d4e5b6789012345678abcdef01",
  "issued_at": "2025-01-15T10:32:00Z",
  "expires_at": "2025-04-15T10:32:00Z",
  "created_at": "2025-01-15T10:32:01Z"
}
The certificate PEM and private key PEM are stored in the database but are not included in the API response — only metadata fields are returned. Retrieving the actual PEM material for use in a web server or load balancer requires direct database access to the certificates table.
Certificates expire exactly 90 days after issuance — expires_at is set to issued_at + 90 * 24 hours by CompleteOrder() in acme.go. Monitor the expires_at field and re-issue before it is reached by calling POST /domains/{id}/issue-certificate again. Note that the domain’s status must be verified to start a new issuance — if the domain status has since changed (for example, it was set to failed during a prior attempt), it will need to be re-verified before a new certificate can be requested.

Error Responses

StatusCondition
404 Not FoundNo domain exists with the given id; the domain exists but its status is not active; or the domain is active but no certificate record was found in the database.

Build docs developers (and LLMs) love

Get started for freeTalk to us